Chip vulnerabilities and Emsisoft: What you need to know

On January 2nd, a major security vulnerability affecting Intel and other chipmakers came to light. These flaws, which were discovered much earlier by several researchers but kept under a non-disclosure agreement to allow time to coordinate a proper response, could allow potential exploits to access sensitive system memory information without permission.

As a result, all major tech companies including Intel, AMD, ARM, Microsoft, Google and Amazon are rushing to provide emergency patches before these vulnerabilities, dubbed Meltdown and Spectre, can be exploited by malicious programs and cause widespread harm.

But what makes these vulnerabilities so dangerous, how can you ensure your devices will be protected, and what is Emsisoft doing to keep its customers safe?

What are Meltdown and Spectre?

Publicly disclosed by The Register on Tuesday, these critical vulnerabilities, dubbed Meltdown and Spectre, could allow malicious programs unauthorized access to privileged information stored in the system memory, such as passwords, login keys or cached files from other software.

Meltdown, which only affects Intel chips produced since 1995, effectively removes a barrier within the system memory, allowing regular user processes direct access to sensitive information stored within the kernel. The Spectre vulnerability affects all chip vendors, including Intel, AMD and ARM, and tricks applications into leaking their memory contents. While this is harder to exploit by cyber criminals, it is also proving much harder to fix for hardware and software makers.

As a result of these vulnerabilities, personal computers, mobile devices and cloud services across all operating systems are susceptible to a potential malicious attack.

What can I do to keep my devices secure?

The most important step is to ensure that your devices are updated with the latest available updates from your hardware and software vendors.

Unfortunately, the vulnerabilities cannot be fixed via a simple firmware update by the chip makers. Instead, a combination of firmware and software updates is necessary to fix the majority of the security flaws. Both hardware and software vendors such as Microsoft, Google and Intel have released or are in the processes of providing patches to their customers.

Given the severity of the situation, Microsoft took an unusual step and released an emergency patch for Windows 10 (Version 1709) on January 3rd, rather than wait for their usual “Patch Tuesday” to provide a fix. The update should automatically be applied to Windows 10 machines via Windows Update. Alternatively, you can manually download and install it here.

How is Emsisoft affected by these vulnerabilities?

Due to the urgency of providing a fix, Microsoft decided to block the installation of the updates on systems with any third-party antivirus software, in an attempt to avoid potential blue screen of death errors caused by the changes made. Security vendors had little time to react, but our team was quick to verify that our software is fully compatible without any further changes, tested the fix across different Windows instances and pushed out an update that sets the required registry key and allows the installation of the necessary security patch.

We, therefore, urge all of our customers to manually trigger a software update of their Emsisoft security product if they haven’t done so already and follow up with a manual Windows update to install the patch. If the patch doesn’t show up right away, a reboot of the system may be necessary for Windows Update to register the newly set compatiblity flag and list the update. Also, we strongly advise against the use of multiple AVs, as the registry flag is not product specific and can, if an incompatible AV is installed in parallel with Emsisoft Anti-Malware, still cause a blue screen error.

We will continue to monitor the situation and keep our customers updated on new developments or further measures that need to be taken.

Rest assured that our malware protection will continue to keep you safe from all types of online threats as you’d expect it.